TW201409236A - Memory protection - Google Patents

Memory protection

Info

Publication number: TW201409236A
Authority: TW (Taiwan)
Prior art keywords: memory, protection, area, read, volatile memory
Application number: TW102122332A
Other languages: Chinese (zh)
Other versions: TWI581099B (en)
Inventors: Frank Berntsen, Ola Marvik, Lasse Olsen, Joel David Stapleton
Original assignee: Nordic Semiconductor Asa

Events: application filed by Nordic Semiconductor Asa; publication of TW201409236A; application granted; publication of TWI581099B.

Classifications

    • G PHYSICS
        • G06 COMPUTING; CALCULATING OR COUNTING
            • G06F ELECTRIC DIGITAL DATA PROCESSING
                • G06F3/00 Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
                    • G06F3/06 Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
                        • G06F3/0601 Interfaces specially adapted for storage systems
                            • G06F3/0602 Interfaces specially adapted for storage systems specifically adapted to achieve a particular effect
                                • G06F3/062 Securing storage systems
                                    • G06F3/0622 Securing storage systems in relation to access
                            • G06F3/0628 Interfaces specially adapted for storage systems making use of a particular technique
                                • G06F3/0638 Organizing or formatting or addressing of data
                                    • G06F3/064 Management of blocks
                                • G06F3/0655 Vertical data movement, i.e. input-output transfer; data movement between one or more hosts and one or more storage devices
                                    • G06F3/0659 Command handling arrangements, e.g. command buffers, queues, command scheduling
                            • G06F3/0668 Interfaces specially adapted for storage systems adopting a particular infrastructure
                                • G06F3/0671 In-line storage system
                                    • G06F3/0673 Single storage device
                                        • G06F3/0679 Non-volatile semiconductor memory device, e.g. flash memory, one time programmable memory [OTP]
                • G06F12/00 Accessing, addressing or allocating within memory systems or architectures
                    • G06F12/02 Addressing or allocation; Relocation
                        • G06F12/0223 User address space allocation, e.g. contiguous or non contiguous base addressing
                            • G06F12/023 Free address space management
                                • G06F12/0238 Memory management in non-volatile memory, e.g. resistive RAM or ferroelectric memory
                                    • G06F12/0246 Memory management in non-volatile memory, e.g. resistive RAM or ferroelectric memory in block erasable memory, e.g. flash memory
                    • G06F12/14 Protection against unauthorised use of memory or access to memory
                        • G06F12/1416 Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights
                            • G06F12/1425 Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights the protection being physical, e.g. cell, word, block
                                • G06F12/1433 Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights the protection being physical, e.g. cell, word, block for a module or a part of a module
                                • G06F12/1441 Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights the protection being physical, e.g. cell, word, block for a range
                        • G06F12/1458 Protection against unauthorised use of memory or access to memory by checking the subject access rights
                            • G06F12/1483 Protection against unauthorised use of memory or access to memory by checking the subject access rights using an access-table, e.g. matrix or list
                • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
                    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
                        • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
                            • G06F21/77 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in smart cards
                        • G06F21/78 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
                            • G06F21/79 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in semiconductor storage media, e.g. directly-addressable memories
        • G11 INFORMATION STORAGE
            • G11C STATIC STORES
                • G11C16/00 Erasable programmable read-only memories
                    • G11C16/02 Erasable programmable read-only memories electrically programmable
                        • G11C16/06 Auxiliary circuits, e.g. for writing into memory
                            • G11C16/22 Safety or protection circuits preventing unauthorised or accidental access to memory cells

Abstract

An integrated-circuit device (1) comprises a processor (7), memory (13) for storing executable code, and memory protection logic (9). The memory protection logic (9) is configured to: determine the state of a read protection flag for a protected region of the memory (13); detect a memory read request by the processor (7); determine whether the read request is for an address in the protected region of the memory (13); determine whether the processor (7) issued the read request while executing code stored in the protected region of the memory (13); and deny read requests for addresses in the protected region if the read protection flag for the protected region is set, unless at least one of one or more access conditions is met, wherein one of the access conditions is that the processor (7) issued the read requests while executing code stored in the protected region.

Description

Memory protection

The present invention relates to memory protection in an integrated-circuit device.

A microcontroller or system-on-chip device typically stores executable code in memory. It may hold in its memory some code written by the chip manufacturer (for example an operating system or a firmware module) together with other code written by a customer or user (for example a software application). Such code is often stored in non-volatile memory, such as EEPROM or flash memory.

There is a need to prevent user code, or an external debug interface, from reading or overwriting the code written by the chip manufacturer, without restricting the memory access of the chip manufacturer's own code. This is because the chip manufacturer's code embodies trade secrets which the manufacturer does not want others to access. It can also help to prevent unintentional corruption of the chip manufacturer's code by bugs in the user code.

US 8,051,263 describes a memory protection unit which selectively grants or denies memory access requests according to a set of configurable memory protection attributes for a particular region of memory. Access to the region depends on whether an execution unit is operating in a privileged or a non-privileged mode of operation.

If the user code executes in a non-privileged mode, this mechanism can be used to protect a memory region containing sensitive code from being read by the user code.

However, a malicious attack could cause the processor, while in a privileged mode of operation, to read sensitive code from the memory and then output its contents to the attacker. Moreover, not all processors support privileged and non-privileged execution modes.

The present invention therefore takes a different approach.

A first object of the present invention is to provide an integrated-circuit device comprising a processor, memory for storing executable code, and memory protection logic, wherein the memory protection logic is configured to: determine the state of a read protection flag for a protected region of the memory; detect a memory read request by the processor; determine whether the read request is for an address in the protected region of the memory; determine whether the processor issued the read request while executing code stored in the protected region of the memory; and deny read requests for addresses in the protected region if the read protection flag for the protected region is set, unless at least one of one or more access conditions is met, wherein one of the access conditions is that the processor issued the read request while executing code stored in the protected region of the memory.

A second object of the present invention is to provide a method of controlling memory access on an integrated-circuit device comprising a processor and memory for storing executable code, the method comprising: determining the state of a read protection flag for a protected region of the memory; detecting a memory read request by the processor; determining whether the read request is for an address in the protected region of the memory; determining whether the processor issued the read request while executing code stored in the protected region of the memory; and denying read requests for addresses in the protected region if the read protection flag for the protected region is set, unless at least one of one or more access conditions is met, wherein one of the access conditions is that the processor issued the read request while executing code stored in the protected region.

A further object of the present invention is to provide a method of controlling memory access on an integrated-circuit device comprising a processor and memory for storing executable code, the method comprising: determining that a read protection flag for a protected region of the memory is set; detecting a memory read request by the processor; determining that the read request is for an address in the protected region of the memory; determining that the processor issued the read request while executing code stored in the protected region of the memory; and allowing the read request.

Thus it will be seen by those skilled in the art that, in accordance with the invention, when the processor requests read access to a protected region of the memory, the address of the code being executed by the processor is used to decide whether the request is allowed. Requests originating from code stored outside the protected region can be denied (if the read protection flag is appropriately set), while requests from code stored within the protected region itself are allowed. For many processor architectures, such as those from ARM (RTM), it is essential that code can issue data read requests to the region in which the code itself is stored, so that the processor can access constants embedded in the code.

The protection is implemented by the memory protection logic, which is preferably arranged to operate independently of the processor. The memory protection logic preferably comprises hardware logic separate from the processor. It is thereby less susceptible to deliberate subversion by malicious code than protection that relies on privilege modes within the processor.

The chip manufacturer can conveniently store its code in the protected region and set the read protection flag to prevent a customer's code from reading the chip manufacturer's code, while retaining unrestricted memory access for its own code. Other sensitive information, such as configuration data, may also be stored in the protected region.

If the read protection flag for the protected region is not set, the memory protection logic is preferably configured to allow read requests for addresses in the protected region. This is useful during the initial development of the device and its software. Similarly, if a write protection flag is not set, the memory protection logic is preferably configured to allow write requests for addresses in the protected region.

If the read protection flag for the protected region is set, the memory protection logic is preferably configured to deny read requests for addresses in the protected region unless the processor issued the read request while executing code stored in the protected region (in which case the request is allowed). Preferred embodiments have only this one access condition. Other sets of embodiments may nevertheless provide multiple access conditions, each of which can effectively override the read protection flag; for example, a device could conceivably allow reads of the protected region if the processor issued the read request while executing a manufacturer's boot loader stored in ROM.

The memory protection logic may further be similarly configured to determine the state of a write protection flag for the protected region and, if the write protection flag for the protected region is set, to deny write requests for addresses in the protected region unless the processor issued the write request while executing code stored in the protected region. The read protection flag may also serve as the write protection flag, or they may be two separate flags.

In one set of preferred embodiments the memory is non-volatile memory, such as flash memory. The processor may fetch code directly from the non-volatile memory when executing it or, in some embodiments, at least some of the code may be cached (for example in volatile memory). If the device includes such a cache, it will be understood that references herein to executing code stored in the protected region include executing a cached copy of that code.

In other embodiments the memory may be volatile memory, such as a portion of RAM reserved for executable code, and the protected region is then a region of volatile memory. The executable code may be copied into this memory (for example from ROM or flash memory) when the device is powered on. Alternatively, sections of code or individual instructions may be copied into a protected region of volatile memory as required while the device is in use.

The processor and the memory may be connected by one or more buses. The memory protection logic may also be connected to at least one of these buses. The memory protection logic is preferably configured to monitor all accesses to the memory (for example all read, write and instruction-fetch operations).

The memory protection logic may determine whether the processor issued a read request while executing code stored in the protected region of the memory by determining whether the address of the instruction-fetch operation immediately preceding the memory access request lies within the protected region. The memory protection logic may be configured to set a register on every instruction-fetch operation according to whether the fetched instruction lies in the protected region. The register may comprise a binary flag which is set according to whether the address of the instruction fetch is in the protected region.

The memory protection logic may be configured to identify an instruction-fetch operation (for example to distinguish it from a data read request) using transaction-type information on a memory bus. Alternatively, it may be configured to identify an instruction-fetch operation by determining the state of a processor pin, or by identifying the bus over which the fetch is carried (for example in a device having separate data-fetch and instruction-fetch buses). When an ARM (RTM) Cortex-M0 processor is used, the memory protection logic can use the HPROT[0] (data/opcode) signal from the Cortex-M0 to distinguish an opcode fetch from a data access.

The protected region may comprise several discrete regions or address ranges. Preferably, however, it is defined by a single, contiguous address range, to simplify the implementation of the logic. In some preferred embodiments the protected region is variable and is defined by one or more addresses stored on the device, for example stored as configuration data in non-volatile memory.

The protected region may extend between a predetermined constant address and a variable point within the memory address range. The constant address may conveniently be a base or end address of the memory, or even of the entire memory address space of the device; for example zero (0x0000 0000). The region can thereby be specified compactly by a single value stored on the device, namely the address which defines the variable end point of the protected region within the memory.

The memory protection unit may then be configured to determine whether a read request is for an address in the protected region of the memory by determining whether the address lies between the predetermined constant address and the variable memory address. This operation can be implemented with relatively few logic gates.

In embodiments in which the aforementioned protected memory region is in non-volatile memory, the device may also comprise volatile memory, such as RAM. If a read protection flag for a protected region of the volatile memory is set, the memory protection logic may additionally be configured to deny read requests for addresses in the protected region of the volatile memory unless the processor issued the read request while executing code stored in the protected region of the non-volatile memory. In this way a protected region of RAM can be used by the code stored in the protected region of the non-volatile memory (for example for accumulating data) while being protected from being read by code outside that region, which protects sensitive information that the chip manufacturer's code stores in RAM.

Similarly, if a write protection flag for the volatile memory is set, the memory protection logic may be configured to deny write requests for addresses in the protected region of the volatile memory unless the processor issued the write request while executing code stored in the protected region of the non-volatile memory. In this way, customer code stored outside the protected region of the non-volatile memory is prevented from inadvertently or maliciously altering or overwriting volatile data belonging to the code in the protected region of the non-volatile memory.

The non-volatile memory protection flags may also serve as the volatile memory protection flags, or the volatile memory flags may comprise one or more separate flags.

In any of the foregoing embodiments, the device may comprise an interface (for example one or more pins) for allowing memory access by an external debugger or software loader. In preferred embodiments of the invention, if a debug protection flag for a protected region is set, the memory protection logic is configured to deny read requests received via this interface for addresses in some or all of the protected regions of the non-volatile or volatile memory. Similar protection may be provided for write accesses to a protected region of volatile or non-volatile memory and/or for instruction fetches from a protected region. The memory protection logic may be configured to identify a memory access request as originating from a debug interface by determining when a debugger is the bus master on a memory bus of the device. When the processor is an ARM (RTM) Cortex-M0, the HMASTER signal of the Cortex-M0 can be used to distinguish between the processor core and the debugger.
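The following C model, added here as an illustration and not taken from the patent or from Nordic Semiconductor, ties together the access rule described above: a flag updated on every instruction fetch records whether the executing code lives in the protected region (the page's HPROT[0] / HMASTER distinctions are assumed to arrive already decoded as the `access_t` and `master_t` enums), the protected code region is tested with a single comparison against a fixed base of zero, and the same "issued by protected code" condition gates the protected RAM window. All addresses, region sizes and the decision to apply debug protection to every transaction type are constructed assumptions for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Bus transaction types. The page's HPROT[0] (data/opcode) distinction is
 * assumed to be decoded upstream into this enum. */
typedef enum { ACC_FETCH, ACC_READ, ACC_WRITE } access_t;

/* Bus master driving the transaction (the page's HMASTER distinction, decoded). */
typedef enum { MASTER_CPU, MASTER_DEBUG } master_t;

/* Protection settings. In the device these live in non-volatile memory;
 * the layout below is constructed for this example. */
typedef struct {
    uint32_t code_end;        /* protected code region is [0x0, code_end): base fixed at zero */
    uint32_t ram_start;       /* protected RAM region is [ram_start, ram_end) */
    uint32_t ram_end;
    bool code_read_protect;
    bool code_write_protect;
    bool ram_read_protect;
    bool ram_write_protect;
    bool debug_protect;       /* deny debugger access to both protected regions */
} mpl_config_t;

/* Memory protection logic state: the single flag updated on every instruction fetch. */
typedef struct {
    mpl_config_t cfg;
    bool exec_in_protected;   /* most recent fetch came from the protected code region */
} mpl_t;

/* With the base fixed at zero, the code-region test is one comparison. */
static bool in_code_region(const mpl_t *m, uint32_t addr) {
    return addr < m->cfg.code_end;
}
static bool in_ram_region(const mpl_t *m, uint32_t addr) {
    return addr >= m->cfg.ram_start && addr < m->cfg.ram_end;
}

/* Evaluate one bus transaction; returns true if the access is allowed.
 * Processor fetches are always allowed (user code must be able to call into
 * the firmware) but they update the flag that later data accesses are judged by. */
bool mpl_check(mpl_t *m, master_t master, access_t type, uint32_t addr) {
    bool code = in_code_region(m, addr);
    bool ram  = in_ram_region(m, addr);

    if (master == MASTER_DEBUG) {
        /* Modelling choice: debug protection covers fetch, read and write alike. */
        return !(m->cfg.debug_protect && (code || ram));
    }
    if (type == ACC_FETCH) {
        m->exec_in_protected = code;
        return true;
    }
    if (!code && !ram)
        return true;              /* unprotected memory: no restriction */

    /* The single access condition: the request comes from code executing in the
     * protected code region. It also grants that code access to protected RAM. */
    if (m->exec_in_protected)
        return true;

    bool rp = code ? m->cfg.code_read_protect  : m->cfg.ram_read_protect;
    bool wp = code ? m->cfg.code_write_protect : m->cfg.ram_write_protect;
    return (type == ACC_READ) ? !rp : !wp;
}

/* Constructed scenario: 64 KiB of firmware at the bottom of flash, a 4 KiB
 * protected RAM window, every flag set. Returns one result bit per step. */
unsigned demo_scenario(void) {
    mpl_t m = { .cfg = { .code_end = 0x00010000, .ram_start = 0x20000000,
                         .ram_end = 0x20001000, .code_read_protect = true,
                         .code_write_protect = true, .ram_read_protect = true,
                         .ram_write_protect = true, .debug_protect = true },
                .exec_in_protected = false };
    unsigned bits = 0, i = 0;
#define STEP(cond) do { if (cond) bits |= 1u << i; i++; } while (0)
    STEP(mpl_check(&m, MASTER_CPU,   ACC_FETCH, 0x00020000)); /* user code executing        */
    STEP(mpl_check(&m, MASTER_CPU,   ACC_READ,  0x00001000)); /* reads firmware: denied      */
    STEP(mpl_check(&m, MASTER_CPU,   ACC_READ,  0x20000010)); /* reads protected RAM: denied */
    STEP(mpl_check(&m, MASTER_CPU,   ACC_READ,  0x00030000)); /* reads own region: allowed   */
    STEP(mpl_check(&m, MASTER_CPU,   ACC_FETCH, 0x00000100)); /* calls into firmware         */
    STEP(mpl_check(&m, MASTER_CPU,   ACC_READ,  0x00001000)); /* firmware reads its constants*/
    STEP(mpl_check(&m, MASTER_CPU,   ACC_WRITE, 0x20000010)); /* firmware writes its RAM     */
    STEP(mpl_check(&m, MASTER_DEBUG, ACC_READ,  0x00001000)); /* debugger dump: denied       */
    STEP(mpl_check(&m, MASTER_DEBUG, ACC_READ,  0x00030000)); /* debugger reads user area    */
#undef STEP
    return bits;   /* expected 0x179: steps 2, 3 and 8 are the denials */
}

int main(void) {
    printf("scenario result bits: 0x%03x\n", demo_scenario());
    return 0;
}
```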

The memory protection logic may further be configured to determine the state of a read protection flag for a user region of the memory for executable code. This user region may comprise some or all of the memory adjacent to, but excluding, the protected code region in the address space. If the read protection flag for the user region is set, the memory protection logic may be configured to deny read and/or write requests for addresses in the user region that are received from a debug interface. In this way a customer or other user can protect its user application code from unauthorised access by third parties, for example for reasons of confidentiality.

In some embodiments the device comprises integrated radio communication logic, such as a radio transmitter and/or receiver (i.e. a radio-on-a-chip). A firmware module comprising code that implements a radio stack may be stored in the protected region of the code memory. A software application that interfaces with the firmware module may be stored outside the protected region.

Embodiments of the invention are particularly suited to devices which have no conventional operating system but which allow a user to develop native code to execute directly on the processor. This is because such devices cannot rely on an operating system to control memory access and to protect any confidential software libraries or modules that the device manufacturer has installed on the device.

In any embodiment of the invention, the read and/or write protection flags are preferably stored in non-volatile memory. In use, the flags may of course be cached in a register or in RAM. A protection flag may simply be one element of a larger set of configuration values. It may be encoded in any suitable manner. In some embodiments each such protection flag is stored as a binary flag or bit field.

One or more protection flags may be stored in a protection-settings region of the non-volatile memory. Preferably, the device comprises non-volatile memory control logic configured to prevent writing to any part of the protection-settings region unless that part is in an erased state. Preferably, the non-volatile memory control logic is further configured to allow the protection-settings region to be erased only when a protected region of the non-volatile memory is in an erased state.

In this way the protection flags cannot be rewritten without first erasing any data stored in the protected region of the non-volatile memory. Sensitive executable code stored in the protected region therefore cannot be read simply by resetting the read protection flag for the non-volatile memory.

This idea is novel and inventive in its own right. Thus, from a further aspect, the invention provides an integrated-circuit device comprising a processor, non-volatile memory, non-volatile memory control logic, and memory protection logic, wherein: the memory protection logic is configured to control access to a protectable region of the non-volatile memory according to protection-setting data stored in a protection-settings region of the non-volatile memory; the non-volatile memory control logic is configured to prevent writing to any part of the protection-settings region unless that part is in an erased state; and the non-volatile memory control logic is configured to allow the protection-settings region to be erased only when the protectable region is in an erased state.

From another aspect, the invention provides a method of controlling memory access on an integrated circuit device comprising a processor and non-volatile memory, the method comprising: controlling access to a protectable region of the non-volatile memory according to protection-setting data stored in a protection-setting region of the non-volatile memory; preventing writing to any part of the protection-setting region unless that part is in an erased state; and allowing the protection-setting region to be erased only when the protectable region is in an erased state.

The features and embodiments described earlier may also be additional features of these embodiments, where appropriate. In particular, as described earlier, the protectable region may be a protected region of the non-volatile memory, and the protection-setting data may comprise one or more protection flags.

Preferably, the non-volatile memory control logic operates independently of the processor. It preferably comprises logic gates separate from the processor. In this way, a malicious or careless program executing on the processor cannot bypass the non-volatile memory control logic. In preferred embodiments, the memory protection logic is similarly independent of the processor.

US 6952778 describes a microcontroller that protects reads and/or writes to memory blocks of an embedded memory according to configured rules. The rules assign respective security levels to the memory blocks and are stored in a supervisory non-volatile memory. Once it has been programmed to an end user's requirements, the security level of a block can be raised, unless the supervisory non-volatile memory is erased and the microcontroller is restarted, which causes the user-defined default security level to be restored.

However, this approach relies on the successful restoration of the default security level for the memory blocks to be adequately protected. If an attacker could interfere with the restart process of the microcontroller, the contents of the memory might lose their protection and be read by the attacker.

By contrast, preferred embodiments of the present invention use dedicated non-volatile memory control logic and memory protection logic to ensure that the protection-setting data can only be reset after any sensitive information has first been erased from the device.

The non-volatile memory control logic may be configured such that the only mechanism it provides for erasing the protection-setting region is an instruction that erases both the protectable region and the protection-setting region. This may be an instruction to erase all of the non-volatile memory on the device.

If the protection-setting region and the protectable region occupy different memory pages or erasable blocks, the non-volatile memory control logic is preferably configured to erase all pages or blocks forming the protectable region before erasing any page or block forming part of the protection-setting region. In this way, if the erase operation is interrupted before completion and the protectable region has not been fully erased, the protection-setting data is still present and continues to provide protection.

The memory protection logic may be configured such that, when the protection-setting region is in an erased state, access to the protectable region is at the most restrictive level in the ordered set of restriction levels. This provides additional security by restricting access to the protectable region by default, for example if a user forgets to write new setting data after an erase.

By allowing the protection-setting region to be written when it is in an erased state, the protection-setting information can be set during manufacture or licensing, and at the time of any subsequent reprogramming of the device.

The non-volatile memory control logic is preferably configured to receive an instruction to write to a part of the protection-setting region and, in response to the instruction, to check whether that part is in an erased state before allowing the write. This can be done by reading the part and determining whether it is in the natural erased state of the non-volatile memory type. For example, after a page has been erased, flash memory holds a binary "1" in every bit. The memory control logic can therefore check that every bit is "1" before allowing the write operation. Other memory types may of course read "0" or have some other natural erased state.

Alternatively, regions of the non-volatile memory may have erase-state flags which are reset when the region is erased but are set by the non-volatile memory control logic when a first write operation is performed to the region. In that case, the non-volatile memory control logic may check one or more erase-state flags before allowing a write operation to a part of the protection-setting region.

The memory-protection setting region may store one or more values which, as described earlier, define the protectable region of the non-volatile memory and/or define a protected region of volatile memory. In this way, an attacker cannot change the definition of the protected region(s) without first destroying their contents.

The above embodiments are given by way of example only, for convenience of explanation, and are not limiting.

Some preferred embodiments of the invention will now be described, by way of example only, with reference to the accompanying drawings, in which: Figure 1 is a schematic diagram of a microcontroller according to an embodiment of the invention; Figure 2 is a schematic diagram of the main software components in the microcontroller architecture; and Figure 3 is a schematic memory map of the microcontroller.

Figure 1 shows an integrated-circuit microcontroller 1, or radio-on-a-chip, comprising clock logic 3 (which may have a resistor-capacitor oscillator and/or may receive an input from an off-chip crystal oscillator, not shown), a power management circuit 5, a processor 7 (such as an ARM (RTM) Cortex-M0), a memory protection unit 9, random access memory (RAM) 11, a flash memory controller 20, flash memory 13, radio communication logic 17, one or more peripherals 15, and input/output circuitry 19.

These components are interconnected using suitable lines and/or buses (not shown). The microcontroller 1 may use a Harvard architecture or a von Neumann architecture. The memory protection unit 9 is configured to intercept all memory access instructions from the processor 7 to the RAM 11 and to the flash memory controller 20.

The microcontroller 1 also has a debug interface 18 which can be used to load data into the flash memory 13 and to debug the processor 7. It does not access the RAM 11 and the flash memory 13 directly, but must go through the memory protection unit 9 and the flash memory controller 20.

In use, the microcontroller 1 may be connected to a number of external components, such as a power supply, a radio antenna, a crystal oscillator, sensors, output devices, and so on.

Figure 2 shows the software components that may be installed on the microcontroller 1. Interfacing with the microcontroller 1 hardware is an optional hardware abstraction layer 21, for example the ARM (RTM) Cortex Microcontroller Software Interface Standard. Above it are a firmware module 23 and a separate software application 27.

The firmware module 23 is a binary application comprising a number of embedded software blocks. A radio protocol block 31 implements one or more wireless protocol stacks. A radio event manager 33 provides access scheduling and event multiplexing for the radio communication logic 17. A library 35 provides shared hardware resource management and functions such as random number generation, configuration of interrupts and priorities, power management (e.g. for enabling and disabling peripherals), encryption functions, and so on. A firmware manager 37 supports enabling and disabling the firmware module, and enabling and disabling the wireless protocol stack.

The firmware module 23 need not be a complete operating system; it need not support multitasking, memory allocation, and so on.

An application programming interface (API) 29 for the firmware module 23 allows the software application 27 to call functions in the firmware module 23. It can be implemented entirely using system calls. When an ARM (RTM) processor is used, each API function prototype is mapped at compile time to a firmware function via an associated supervisor call. This mapping can be provided to the developer of the software application 27 so that the functions can be called correctly.

The firmware module 23 can pass events to the software application 27 as software interrupts, with the event content held pending until it is read (polled) by the software application 27. The read is performed via an API call (e.g. event_get()).

Figure 3 shows how the RAM 11 and the flash memory 13 are shared between the firmware module 23 and the software application 27. The flash memory 13 is allocated addresses from zero (0x0000 0000) to SizeOfProgMem for storing executable code.

A further area of the flash memory 13, which may be located on its own flash page, extends from MemConfigStart to MemConfigEnd and is used to store the setting data used by the memory protection unit 9. In one set of embodiments this page extends from 0x1000 0000 to 0x1000 07ff but, as with all of the address values mentioned here, these values depend on the particular processor architecture used in any given embodiment.

The RAM 11 is located at addresses rising from 0x2000 0000 to 0x2000 0000 + SizeOfRAM.

The program area of the flash memory 13 comprises two regions bounded on either side of the address CLENR0 (code length region 0). Region 0, between zero and CLENR0, is where the firmware module 23 is loaded. A firmware interrupt vector table is stored at address zero. Region 1, rising from CLENR0 to SizeOfProgMem, is where the software application is loaded. It may also have an interrupt vector table located at address CLENR0.

The RAM 11 similarly has a region 0 from the base address 0x2000 0000 to RLENR0, and a region 1 extending upward from RLENR0. RAM region 0 provides heap storage for the firmware module, while RAM region 1 provides heap storage for the software application 27. A call stack is shared between the firmware module 23 and the software application 27 and grows downward from (0x2000 0000 + SizeOfRAM). The memory allocated to the call stack must be large enough to satisfy the requirements of both the software application 27 and the firmware module 23.

The values of CLENR0 and RLENR0 are stored in the memory-protection setting region of the flash memory 13.

At power-up, the relevant data stored in the memory-protection setting region of the flash memory 13 is copied into memory-setting registers accessible to the memory protection logic 9. These registers can only be written by a hardware state machine that runs only when the microcontroller 1 boots, so the only way to change the contents of these registers is to change the data in the memory-protection setting region of the flash memory 13.

The memory protection logic 9 is configured to intercept all memory access requests (e.g. data fetch or instruction fetch operations) from the processor 7 to the flash memory 13 and the RAM 11. It can recognise an instruction-fetch operation from a "transaction type" signal on the memory bus. For every instruction fetch the processor 7 issues from the flash memory 13, the memory protection logic 9 updates a single-bit flag in a "firmware region" register: it sets the flag to 1 if the address of the fetched instruction is less than CLENR0, and to 0 if the address is greater than or equal to CLENR0.

For each data access request, the memory protection logic 9 determines whether the request comes from the firmware module 23 or from elsewhere by checking the value of the "firmware region" register. It may be configured to detect whether the source of the request is the debug interface 18 or a direct memory access (DMA) unit by determining the identity of the active memory bus master. It also reads the memory-protection setting registers and decides whether to allow or deny the access request based on the state of the "firmware region" register and the identity of the bus master.

In some preferred embodiments, the software application 27 is denied read and write access to flash region 0 and to RAM region 0. This protects the confidentiality of the firmware module 23 and prevents the software application from inadvertently or maliciously writing into the memory regions allocated to the firmware module 23, thereby increasing robustness and security. The software application's flash region 1 can also be protected against read access, for example to prevent it from being read back via the external debug interface 18.

Figure 4 shows a decision table that the microcontroller 1 may implement to protect the flash memory 13 against unauthorised access. Other implementations are of course possible.

Two binary flags are stored in the memory-protection setting region of the flash memory 13 (and are copied to registers at boot). The first flag, when set, prevents data read and write access to all of the program flash via the debug interface 18. The second flag, when set, prevents any data read and write access to all of flash region 0 other than by code executing from region 0 itself. Even when data read access is denied, execute access (i.e. instruction fetch) by the processor 7 is still allowed.
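A behavioural model of the access decision just described (the "firmware region" bit tracked on instruction fetches, the bus-master identity check, and the two flags of Figure 4), written here as an added example rather than Nordic's own logic: the memory sizes, the master identities, and the choice to cover RAM region 0 with the second flag (the text says "in some embodiments") are assumptions.

```python
"""Behavioural model of the memory protection logic 9. Added example; the
address map, the master identities and the RAM region 0 rule are constructed."""
from enum import Enum


class Master(Enum):
    CPU = "cpu"        # processor 7
    DEBUG = "debug"    # debug interface 18
    DMA = "dma"        # a direct memory access unit


class Access(Enum):
    FETCH = "fetch"    # instruction fetch, identified by the bus "transaction type"
    READ = "read"      # data read
    WRITE = "write"    # data write


# Constructed address map in the style of Figure 3.
FLASH_BASE, SIZE_OF_PROG_MEM = 0x0000_0000, 0x0004_0000
RAM_BASE, SIZE_OF_RAM = 0x2000_0000, 0x0000_4000


class MemoryProtection:
    def __init__(self, clenr0, rlenr0, debug_protect, region0_protect):
        # These values are copied from the protection-setting flash page at boot
        # by a hardware state machine; nothing else can write them afterwards.
        self.clenr0 = clenr0                    # end of flash region 0
        self.rlenr0 = rlenr0                    # end of RAM region 0
        self.debug_protect = debug_protect      # flag 1: no debug data access to program flash
        self.region0_protect = region0_protect  # flag 2: region 0 data only for region-0 code
        self.firmware_region = 0                # single-bit "firmware region" register

    def flash_region(self, addr):
        """0 or 1 for program flash addresses, None for anything else."""
        if not FLASH_BASE <= addr < FLASH_BASE + SIZE_OF_PROG_MEM:
            return None
        return 0 if addr < self.clenr0 else 1

    def ram_region(self, addr):
        if not RAM_BASE <= addr < RAM_BASE + SIZE_OF_RAM:
            return None
        return 0 if addr < self.rlenr0 else 1

    def access(self, master, kind, addr):
        """Decide one bus transaction: True allows it, False denies it."""
        if kind is Access.FETCH:
            # Only the processor fetches instructions. Execute access is always
            # allowed, even where data reads of the same region are denied, and
            # the fetch address updates the firmware-region bit.
            if master is not Master.CPU or self.flash_region(addr) is None:
                return False
            self.firmware_region = 1 if self.flash_region(addr) == 0 else 0
            return True

        flash = self.flash_region(addr)
        ram = self.ram_region(addr)
        if flash is None and ram is None:
            return False   # not a memory address this unit supervises

        # Flag 1: the debug interface gets no data access to any program flash.
        if self.debug_protect and master is Master.DEBUG and flash is not None:
            return False

        # Flag 2: data access to region 0 is reserved for code running from
        # flash region 0. The firmware-region bit describes only the processor's
        # own fetch stream, so DMA and debug masters never qualify.
        if self.region0_protect and (flash == 0 or ram == 0):
            return master is Master.CPU and self.firmware_region == 1

        return True


def demo():
    """Walk the model through the cases in the text; returns a dict of outcomes."""
    mpu = MemoryProtection(clenr0=0x0001_0000, rlenr0=0x2000_1000,
                           debug_protect=True, region0_protect=True)
    out = {}
    # Firmware code running in region 0 may read its own flash and RAM.
    mpu.access(Master.CPU, Access.FETCH, 0x0000_0100)
    out["fw_reads_region0"] = mpu.access(Master.CPU, Access.READ, 0x0000_0200)
    out["fw_reads_ram0"] = mpu.access(Master.CPU, Access.READ, 0x2000_0010)
    # The application (region 1) is denied region 0 but may use region 1.
    mpu.access(Master.CPU, Access.FETCH, 0x0002_0000)
    out["app_reads_region0"] = mpu.access(Master.CPU, Access.READ, 0x0000_0200)
    out["app_writes_ram0"] = mpu.access(Master.CPU, Access.WRITE, 0x2000_0010)
    out["app_reads_region1"] = mpu.access(Master.CPU, Access.READ, 0x0002_0100)
    out["app_reads_ram1"] = mpu.access(Master.CPU, Access.READ, 0x2000_2000)
    # Calling into the firmware (a fetch from region 0) re-enables region 0 data.
    out["app_executes_region0"] = mpu.access(Master.CPU, Access.FETCH, 0x0000_0400)
    out["after_call_reads_region0"] = mpu.access(Master.CPU, Access.READ, 0x0000_0200)
    # Debugger and DMA are judged by bus-master identity, not by the bit.
    out["debug_reads_region1"] = mpu.access(Master.DEBUG, Access.READ, 0x0002_0100)
    out["debug_reads_ram1"] = mpu.access(Master.DEBUG, Access.READ, 0x2000_2000)
    out["dma_reads_region0"] = mpu.access(Master.DMA, Access.READ, 0x0000_0200)
    # With both flags clear (an erased or unset configuration) the same requests pass.
    open_mpu = MemoryProtection(0x0001_0000, 0x2000_1000, False, False)
    open_mpu.access(Master.CPU, Access.FETCH, 0x0002_0000)
    out["open_app_reads_region0"] = open_mpu.access(Master.CPU, Access.READ, 0x0000_0200)
    out["open_debug_reads_flash"] = open_mpu.access(Master.DEBUG, Access.READ, 0x0000_0200)
    return out
```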

If an attack could change the data stored in the memory-protection setting region of the flash memory 13, the protection mechanism could be bypassed. However, the flash memory controller 20 prevents writes to the memory-protection setting region unless it is in an erased state. In addition, the flash memory controller 20 prevents the memory-protection setting region from being erased unless region 0 and region 1 of the flash memory 13 have first been erased. It implements a finite state machine in digital logic to enforce these conditions.

If the flash memory controller 20 receives an instruction to write a value to an address in the memory-protection setting region, it first reads the content already present at that address and allows the write only if the existing content is all binary "1"s, which indicates that the address has not been written since the last erase of the memory-protection setting region's flash. If this check fails, it rejects the write and raises an exception on the processor 7.

If the flash memory controller 20 receives an instruction to erase the entire flash memory 13, it responds by first erasing the contents of flash region 0 and flash region 1 before erasing the memory-protection setting region. For this reason, the memory-protection setting region is preferably stored in its own erasable flash page, separate from any program region of the flash memory 13.

The flash memory controller 20 rejects any instruction to erase only the memory-protection setting region.
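A behavioural model of the flash memory controller 20 rules described in the last few paragraphs (and in the general description of the non-volatile memory control logic earlier on the page): a protection-setting word is programmable only while it still reads as erased, the settings page cannot be erased on its own, and a chip erase clears the program regions before the settings page. This is an added example, not Nordic's logic; the page names, the word count per page and the sample values are constructed.

```python
"""Behavioural model of the flash controller's protection-setting rules.
Added example; page layout, word count and sample words are constructed."""
ERASED = 0xFFFF_FFFF      # natural erased state of NOR flash: every bit reads 1
WORDS_PER_PAGE = 8        # constructed: real flash pages are much larger

REGION0, REGION1, CONFIG = "region0", "region1", "config"   # constructed page names
ERASE_ORDER = (REGION0, REGION1, CONFIG)  # protectable regions first, settings last


class FlashController:
    """The only path from the processor or debug interface to the flash cells."""

    def __init__(self):
        self.pages = {name: [ERASED] * WORDS_PER_PAGE for name in ERASE_ORDER}
        self.erase_log = []   # order in which pages were erased, for inspection

    def is_erased(self, page):
        return all(word == ERASED for word in self.pages[page])

    def write(self, page, offset, value):
        """Program one word. Raises PermissionError where the real controller
        refuses the write and raises a processor exception."""
        current = self.pages[page][offset]
        if page == CONFIG and current != ERASED:
            # Already programmed since the last erase: a flag cannot be rewritten.
            raise PermissionError("protection-setting word not in erased state")
        # Programming can only clear bits, so model it as a bitwise AND.
        self.pages[page][offset] = current & value
        return True

    def erase_page(self, page):
        """Single-page erase: fine for program pages, never for the settings page."""
        if page == CONFIG:
            raise PermissionError("protection-setting page cannot be erased alone")
        self._erase(page)
        return True

    def erase_all(self, power_fail_after=None):
        """Chip erase in ERASE_ORDER. power_fail_after=n stops after n pages to
        simulate an interrupted erase and returns False in that case."""
        for done, page in enumerate(ERASE_ORDER):
            if power_fail_after is not None and done >= power_fail_after:
                return False
            if page == CONFIG and not all(self.is_erased(p) for p in (REGION0, REGION1)):
                raise PermissionError("program regions not erased")  # explicit invariant
            self._erase(page)
        return True

    def _erase(self, page):
        self.pages[page] = [ERASED] * WORDS_PER_PAGE
        self.erase_log.append(page)


def scenario():
    """Drive the controller through the cases in the text; returns the outcomes."""
    fc = FlashController()
    flag_word = ERASED & ~0b11            # constructed: bits 0 and 1 cleared = both flags set
    fc.write(REGION0, 0, 0x4770_4770)     # constructed firmware word
    fc.write(CONFIG, 0, flag_word)
    out = {"flags_programmed": fc.pages[CONFIG][0] == flag_word}
    try:                                   # an attempt to clear the flags in place
        fc.write(CONFIG, 0, ERASED)
        out["rewrite_rejected"] = False
    except PermissionError:
        out["rewrite_rejected"] = True
    try:                                   # ... or to erase only the settings page
        fc.erase_page(CONFIG)
        out["config_only_erase_rejected"] = False
    except PermissionError:
        out["config_only_erase_rejected"] = True
    # A chip erase interrupted after one page: region 0 is gone, the flags survive.
    out["interrupted"] = fc.erase_all(power_fail_after=1)
    out["flags_survive_interruption"] = (fc.pages[CONFIG][0] == flag_word
                                         and fc.is_erased(REGION0))
    # A complete chip erase clears everything, after which the flags can be set again.
    out["full_erase"] = fc.erase_all()
    out["config_erased"] = fc.is_erased(CONFIG)
    out["rewrite_after_erase"] = fc.write(CONFIG, 0, flag_word)
    out["erase_order"] = list(fc.erase_log)
    return out
```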

Those skilled in the art will appreciate that the microcontroller 1 may also be configured to prevent code executing outside region 0 of the flash memory 13 from accessing important features, such as registers for low-level functions of the radio communication logic 17, the power control logic 5, a direct memory access (DMA) controller, or interrupt registers.

Those skilled in the art will appreciate that the above embodiments are given by way of example only, and that the scope of the invention is defined by the claims rather than limited to the above embodiments.

1‧‧‧integrated circuit microcontroller

3‧‧‧clock logic

5‧‧‧power management circuit

7‧‧‧processor

9‧‧‧memory protection unit

11‧‧‧random access memory

13‧‧‧flash memory

15‧‧‧peripherals

17‧‧‧radio communication logic

18‧‧‧debug interface

19‧‧‧input/output circuitry

20‧‧‧flash memory controller

Claims (29)

1. An integrated circuit device comprising a processor, memory for storing executable code, and memory protection logic, wherein the memory protection logic is configured to: determine the state of a read-protection flag for a protected region of the memory; detect a memory read request from the processor; determine whether the read request is for an address in the protected region of the memory; determine whether the processor issued the read request while executing code stored in the protected region of the memory; and, if the read-protection flag for the protected region is set, deny read requests for addresses in the protected region unless at least one of one or more access conditions is satisfied, one of which is that the processor issued the read request while executing code stored in the protected region.

2. The device of claim 1, wherein the memory protection logic comprises hardware logic separate from the processor.

3. The device of claim 1 or 2, wherein, if the read-protection flag for the protected region is not set, the memory protection logic is configured to allow read requests for addresses in the protected memory region.

4. The device of any preceding claim, wherein, if the read-protection flag for the protected region is set, the memory protection logic is configured to deny read requests for addresses in the protected region unless the processor issued the read request while executing code stored in the protected region.

5. The device of any preceding claim, wherein the memory protection logic is further configured to determine the state of a write-protection flag for the protected region and, if the write-protection flag for the protected region is set, to deny write requests for addresses in the protected region unless the processor issued the write request while executing code stored in the protected region.

6. The device of any preceding claim, wherein the memory is non-volatile memory.

7. The device of any preceding claim, wherein the memory protection logic is configured to supervise all accesses to the memory.

8. The device of any preceding claim, wherein the memory protection logic is configured to set a register on every instruction-fetch operation according to whether the address of the fetched instruction lies in the protected region.

9. The device of any preceding claim, wherein the memory protection logic is configured to determine whether the processor issued the read request while executing code stored in the protected region of the memory by determining whether the address of the instruction-fetch operation immediately preceding the memory access request lies in the protected region.

10. The device of any preceding claim, wherein the protected region is variable and is defined by one or more addresses stored on the device.

11. The device of any preceding claim, wherein the protected region of the memory extends between a predetermined fixed address and a variable point within the memory, and the memory protection unit is configured to determine whether the read request is for an address in the protected region by determining whether the address lies between the predetermined fixed address and the variable memory address.

12. The device of any preceding claim, wherein the memory for storing executable code is non-volatile memory and the device further comprises volatile memory, and wherein, if a read-protection flag for a protected region of the volatile memory is set, the memory protection logic is further configured to deny read requests for addresses in the protected region of the volatile memory unless the processor issued the read request while executing code stored in the protected region of the non-volatile memory.

13. The device of any preceding claim, comprising an interface for allowing memory access by an external debugger or software reader, wherein, if a debug-protection flag for a region is set, the memory protection logic is configured to deny read requests received via the interface for addresses in one or more protected regions of volatile or non-volatile memory.

14. The device of any preceding claim, comprising integrated radio communication logic, wherein a firmware module containing code implementing a radio protocol stack is stored in the protected region of the code memory, and wherein, optionally, a software application that interfaces with the firmware module is stored in memory outside the protected region.

15. The device of any preceding claim, comprising non-volatile memory and being configured to store the protection flag or flags in a protection-setting region of the non-volatile memory, wherein the device further comprises non-volatile memory control logic configured to prevent writing to any part of the protection-setting region unless that part is in an erased state.

16. The device of claim 15, wherein the non-volatile memory control logic is further configured to allow the protection-setting region to be erased only when a protected region of the non-volatile memory is in an erased state.

17. A method of controlling memory access on an integrated circuit device comprising a processor and memory for storing executable code, the method comprising: determining the state of a read-protection flag for a protected region of the memory; detecting a memory read request from the processor; determining whether the read request is for an address in the protected region of the memory; determining whether the processor issued the read request while executing code stored in the protected region of the memory; and, if the read-protection flag for the protected region is set, denying read requests for addresses in the protected region unless at least one of one or more access conditions is satisfied, one of which is that the processor issued the read request while executing code stored in the protected region.

18. A method of controlling memory access on an integrated circuit device comprising a processor and memory for storing executable code, the method comprising: determining that a read-protection flag for a protected region of the memory is set; detecting a memory read request from the processor; determining that the read request is for an address in the protected region of the memory; determining that the processor issued the read request while executing code stored in the protected region of the memory; and allowing the read request.

19. An integrated circuit device comprising a processor, non-volatile memory, non-volatile memory control logic, and memory protection logic, wherein: the memory protection logic is configured to control access to a protectable region of the non-volatile memory according to protection-setting data stored in a protection-setting region of the non-volatile memory; the non-volatile memory control logic is configured to prevent writing to any part of the protection-setting region unless that part is in an erased state; and the non-volatile memory control logic is configured to allow the protection-setting region to be erased only when the protectable region is in an erased state.

20. The device of claim 19, wherein the non-volatile memory control logic and/or the memory protection logic comprises logic gates separate from the processor.

21. The device of claim 19 or 20, wherein the non-volatile memory control logic is configured such that the only mechanism provided by the non-volatile memory control logic for erasing the protection-setting region is an instruction that erases both the protectable region and the protection-setting region.

22. The device of any of claims 19 to 21, wherein the protection-setting region and the protectable region comprise different memory pages or erasable blocks, and the non-volatile memory control logic is configured to erase all pages or blocks forming the protectable region before erasing any page or block forming part of the protection-setting region.

23. The device of any of claims 19 to 22, wherein the memory protection logic is configured such that, when the protection-setting region is in an erased state, access to the protectable region is at the highest level in an ordered set of restriction levels.

24. The device of any of claims 19 to 23, wherein the non-volatile memory control logic is configured to receive an instruction to write to a part of the protection-setting region and, in response, to check that the part is in an erased state before allowing the write.

25. The device of claim 24, wherein the non-volatile memory is of a type having a natural erased state, and wherein the non-volatile memory control logic is configured to check that the part is in an erased state by reading the part and determining whether it is in the natural erased state.

26. The device of any of claims 19 to 24, wherein the non-volatile memory comprises a plurality of regions having erase-state flags, wherein the device is configured to reset a respective erase-state flag when each region is erased, wherein the non-volatile memory control logic is configured to set a respective erase-state flag when a first write operation is performed to each region, and wherein the non-volatile memory control logic is configured to check one or more erase-state flags before allowing a write operation to a part of the protection-setting region.

27. The device of any of claims 19 to 26, configured to store in the memory-protection setting region one or more values defining the protectable region of the non-volatile memory and/or defining a protected region of volatile memory.
如申請專利範圍第19至27項任一項所述之裝置,其中該保護設定資料包括一讀取保護旗標用於該非揮發性記憶體的該可保護區域,以及其中該記憶體保護邏輯被設定用以:決定該讀取保護旗標的狀態;偵測該處理器的一記憶體讀取需求;決定是否該讀取需求係用於該記憶體的該被保護區域裡的一個位址;決定是否該處理器於執行儲存在該記憶體的被保護區域裡的程式碼時發出該讀取需求; 假如用於該可保護的區域的該讀取保護旗標被設立,拒絕用於在該可保護區域中之位址的讀取需求,除非符合一或多個存取條件之至少一個,其中該等存取條件之一係為當執行儲存在該可保護區域裡的程式碼時,該處理器發出該等讀取需求。 The device of any one of claims 19 to 27, wherein the protection setting data includes a read protection flag for the protectable area of the non-volatile memory, and wherein the memory protection logic is Setting to: determine a state of the read protection flag; detect a memory read requirement of the processor; determine whether the read requirement is for an address in the protected area of the memory; Whether the processor issues the read request when executing the code stored in the protected area of the memory; If the read protection flag for the protectable area is established, the read requirement for the address in the protectable area is rejected unless at least one of one or more access conditions is met, wherein One of the equal access conditions is that the processor issues the read requests when executing the code stored in the protectable area. 一種控制一積體電路裝置上記憶體存取的方法,該積體電路裝置包括一處理器以及非揮發性記憶體,該方法包括:依據儲存在該非揮發性記憶體的一保護-設定區域裡的保護設定資料,來控制對該非揮發性記憶體的一可保護區域的存取;避免寫入該保護-設定區域的任何部分,除非該部分係在一被抹除狀態;以及只有當該可保護區域係在一被抹除狀態時,允許該保護-設定區域被抹除。 A method of controlling memory access on an integrated circuit device, the integrated circuit device comprising a processor and non-volatile memory, the method comprising: storing in a protection-setting area of the non-volatile memory Protection setting data to control access to a protected area of the non-volatile memory; avoid writing any part of the protection-setting area unless the part is in an erased state; and only if The protected area is allowed to be erased when the protected area is in an erased state.
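The control-logic rules of claims 15 to 16, 19 to 26 and 28 fit together as one small state machine over a flash array. The following C model is an added example, not code from the patent or from Nordic Semiconductor; it implements those rules over a constructed flash image: four 256-byte pages with 0xFF as the natural erased state, pages 0 to 2 as the protectable area, page 3 as the protection-setting area, word-granular erase-state flags, and a single byte at offset 0 of the setting area whose exact value 0xA5 is the only encoding of "readback open". The layout, the flag granularity, the open value and every function name are assumptions for illustration. The property to watch is the one the claims enforce: flash programming can only clear bits, so a second program of a settings word could drive a stored value to a different level; the controller therefore accepts exactly one write per settings word between erases, an erased settings area decodes to the most restrictive level, and the only path to an erased settings area first wipes the code it protects.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Constructed flash model (assumed layout): 4 pages x 256 bytes, natural
 * erased state 0xFF, word-granular programming. Pages 0-2 form the
 * protectable area, page 3 the protection-setting area. */
#define PAGE_SIZE  256u
#define NUM_PAGES  4u
#define FLASH_SIZE (PAGE_SIZE * NUM_PAGES)
#define PROT_LO    0u
#define PROT_HI    (3u * PAGE_SIZE)      /* exclusive */
#define SET_LO     (3u * PAGE_SIZE)
#define SET_HI     FLASH_SIZE
#define ERASED     0xFFu
#define WORD       4u
#define SET_WORDS  (PAGE_SIZE / WORD)

/* Assumed encoding of the read-protection flag: byte 0 of the setting area.
 * Only the exact value RP_OPEN means "readback allowed"; the erased value
 * and any other pattern decode to the most restrictive level (claim 23). */
#define RP_OFFSET  0u
#define RP_OPEN    0xA5u

static uint8_t flash[FLASH_SIZE];
/* Erase-state flags for the setting area, one per word (claim 26): cleared
 * by erase, set by the first write to that word, even a write of all 0xFF. */
static bool set_word_written[SET_WORDS];

static bool in_range(uint32_t a, uint32_t lo, uint32_t hi) { return a >= lo && a < hi; }

static bool range_erased(uint32_t lo, uint32_t hi) {
    for (uint32_t a = lo; a < hi; a++)
        if (flash[a] != ERASED) return false;
    return true;
}

/* Factory state: every page erased, no erase-state flag set. */
void nvm_init(void) {
    memset(flash, ERASED, sizeof flash);
    memset(set_word_written, 0, sizeof set_word_written);
}

/* A settings word counts as erased only if both checks agree: it reads as
 * the natural erased value (claim 25) and its erase-state flag shows no
 * write since the last erase (claim 26). */
static bool setting_word_erased(uint32_t addr) {
    uint32_t w = (addr - SET_LO) / WORD;
    uint32_t base = SET_LO + w * WORD;
    return !set_word_written[w] && range_erased(base, base + WORD);
}

/* Program one word. Programming only clears bits, so the controller allows
 * exactly one write per settings word between erases (claims 15, 19, 24).
 * The protectable area itself is not write-restricted in this model. */
bool nvm_write_word(uint32_t addr, const uint8_t val[WORD]) {
    if (addr % WORD != 0 || addr + WORD > FLASH_SIZE) return false;
    if (in_range(addr, SET_LO, SET_HI)) {
        if (!setting_word_erased(addr)) return false;
        set_word_written[(addr - SET_LO) / WORD] = true;
    }
    for (uint32_t i = 0; i < WORD; i++) flash[addr + i] &= val[i];
    return true;
}

/* Page erase exists for the protectable area only; the setting area has no
 * stand-alone erase (claim 21) and is reached only via nvm_erase_all(). */
bool nvm_erase_page(uint32_t page) {
    if (page >= NUM_PAGES || in_range(page * PAGE_SIZE, SET_LO, SET_HI)) return false;
    memset(&flash[page * PAGE_SIZE], ERASED, PAGE_SIZE);
    return true;
}

/* The single instruction that can clear the settings: wipe every protectable
 * page, confirm the area is erased, then erase the setting area and reset its
 * flags (claims 16, 21, 22). Power loss before the last step leaves settings
 * intact and code gone, never the reverse. */
bool nvm_erase_all(void) {
    for (uint32_t p = 0; p < NUM_PAGES; p++)
        if (!in_range(p * PAGE_SIZE, SET_LO, SET_HI)) nvm_erase_page(p);
    if (!range_erased(PROT_LO, PROT_HI)) return false;
    memset(&flash[SET_LO], ERASED, SET_HI - SET_LO);
    memset(set_word_written, 0, sizeof set_word_written);
    return true;
}

/* Read-protection flag as decoded from the setting area. */
bool read_protected(void) { return flash[SET_LO + RP_OFFSET] != RP_OPEN; }

/* Read path (claims 17, 18, 28): a read of a protected address is refused
 * unless the requesting instruction, at address pc, itself executes from
 * inside the protected area. Other access conditions are not modelled. */
bool mem_read(uint32_t addr, uint32_t pc, uint8_t *out) {
    if (addr >= FLASH_SIZE) return false;
    if (in_range(addr, PROT_LO, PROT_HI) && read_protected() &&
        !in_range(pc, PROT_LO, PROT_HI))
        return false;
    *out = flash[addr];
    return true;
}
```

A debugger or bootloader running from outside the protectable area (pc in page 3, say) is refused reads of page 0 to 2 on a fresh or freshly mass-erased device, while firmware executing inside that area still reads its own constants; programming the open value once lifts the restriction, and neither a second program of that word nor a page erase of the settings page is accepted, so the only way back to an erased settings page is nvm_erase_all(), which destroys the protected code first.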
TW102122332A 2012-06-27 2013-06-24 Integrated-circuit and method of controlling memory access on the integrated-circuit device TWI581099B (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB1211422.9A GB2503470B (en) 2012-06-27 2012-06-27 Memory protection

Publications (2)

Publication Number Publication Date
TW201409236A true TW201409236A (en) 2014-03-01
TWI581099B TWI581099B (en) 2017-05-01

Family

ID=46704312

Family Applications (1)

Application Number Title Priority Date Filing Date
TW102122332A TWI581099B (en) 2012-06-27 2013-06-24 Integrated-circuit and method of controlling memory access on the integrated-circuit device

Country Status (8)

Country Link
US (2) US9430409B2 (en)
EP (2) EP2867776B1 (en)
JP (1) JP6306578B2 (en)
KR (1) KR102095614B1 (en)
CN (1) CN104412242B (en)
GB (3) GB2513727B (en)
TW (1) TWI581099B (en)
WO (1) WO2014001803A2 (en)

Families Citing this family (38)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140316873A1 (en) * 2013-04-22 2014-10-23 Codecard, Inc. Apparatus, system and methods to issue a prize to a user of a credit account based on user purchase activities
EP2808818B1 (en) * 2013-05-29 2016-07-13 Nxp B.V. Processing system
GB2521607B (en) * 2013-12-23 2016-03-23 Nordic Semiconductor Asa Integrated-Circuit Radio
US20150351999A1 (en) * 2014-01-15 2015-12-10 Getting in the Mood, LLC Heating and vibrating personal massager with accompanying cover
US20160180092A1 (en) * 2014-12-23 2016-06-23 Mcafee, Inc. Portable secure storage
CN104573421B (en) 2014-12-30 2017-12-22 北京兆易创新科技股份有限公司 A kind of MCU chip information protecting method and device based on some subregions
CN104598402B (en) * 2014-12-30 2017-11-10 北京兆易创新科技股份有限公司 A kind of control method of flash controller and flash controller
US10540524B2 (en) * 2014-12-31 2020-01-21 Mcafee, Llc Memory access protection using processor transactional memory support
US10157008B2 (en) * 2015-04-29 2018-12-18 Qualcomm Incorporated Systems and methods for optimizing memory power consumption in a heterogeneous system memory
CN107548492B (en) * 2015-04-30 2021-10-01 密克罗奇普技术公司 Central processing unit with enhanced instruction set
GB2539455A (en) 2015-06-16 2016-12-21 Nordic Semiconductor Asa Memory watch unit
US10528287B2 (en) * 2015-10-09 2020-01-07 Sony Corporation Memory, memory controller, storage apparatus, information processing system, and control method for tracking erase count and rewrite cycles of memory pages
US20170139844A1 (en) * 2015-11-17 2017-05-18 Silicon Laboratories Inc. Asymmetric memory
JP6742831B2 (en) * 2016-06-14 2020-08-19 ルネサスエレクトロニクス株式会社 Information processing device, read control method, and program
US11416421B2 (en) 2016-07-19 2022-08-16 Cypress Semiconductor Corporation Context-based protection system
GB2557305A (en) * 2016-12-05 2018-06-20 Nordic Semiconductor Asa Memory protection logic
US10691803B2 (en) * 2016-12-13 2020-06-23 Amazon Technologies, Inc. Secure execution environment on a server
US10409981B2 (en) 2017-04-21 2019-09-10 International Business Machines Corporation In-process stack memory protection
US10587575B2 (en) * 2017-05-26 2020-03-10 Microsoft Technology Licensing, Llc Subsystem firewalls
US10346345B2 (en) 2017-05-26 2019-07-09 Microsoft Technology Licensing, Llc Core mapping
US10353815B2 (en) 2017-05-26 2019-07-16 Microsoft Technology Licensing, Llc Data security for multiple banks of memory
US10534553B2 (en) 2017-08-30 2020-01-14 Micron Technology, Inc. Memory array accessibility
RU2677366C1 (en) * 2017-10-27 2019-01-16 Юрий Алексеевич Шашлюк Data storage device and method of operation thereof
US10318438B1 (en) * 2017-12-07 2019-06-11 Nuvoton Technology Corporation Secure memory access using memory read restriction
US11132134B2 (en) * 2017-12-21 2021-09-28 Apple Inc. Flexible over-provisioning of storage space within solid-state storage devices (SSDs)
TWI650648B (en) * 2018-02-09 2019-02-11 慧榮科技股份有限公司 System wafer and method for accessing memory in system wafer
US11036654B2 (en) 2018-04-14 2021-06-15 Microsoft Technology Licensing, Llc NOP sled defense
GB201807257D0 (en) 2018-05-02 2018-06-13 Nordic Semiconductor Asa Cryptographic key distribution
GB201810533D0 (en) * 2018-06-27 2018-08-15 Nordic Semiconductor Asa Hardware protection of files in an intergrated-circuit device
FR3087020A1 (en) * 2018-10-09 2020-04-10 Stmicroelectronics (Grenoble 2) Sas METHOD FOR ACCESSING A MEMORY
US11210238B2 (en) * 2018-10-30 2021-12-28 Cypress Semiconductor Corporation Securing data logs in memory devices
JPWO2020095410A1 (en) * 2018-11-08 2021-09-24 ソニーグループ株式会社 Communication device
US11036887B2 (en) * 2018-12-11 2021-06-15 Micron Technology, Inc. Memory data security
TWI682400B (en) * 2019-03-04 2020-01-11 新唐科技股份有限公司 Semiconductor device and data protection method
JP2021111112A (en) * 2020-01-09 2021-08-02 キヤノン株式会社 Image forming apparatus and control method thereof
CN111625784B (en) * 2020-05-29 2023-09-12 重庆小雨点小额贷款有限公司 Anti-debugging method of application, related device and storage medium
FR3118219B1 (en) * 2020-12-17 2024-03-15 Stmicroelectronics Grand Ouest Sas Method for protecting a system, for example a microcontroller, and corresponding system
JP7408593B2 (en) * 2021-03-23 2024-01-05 株式会社東芝 Control devices, information processing devices, and information processing systems

Family Cites Families (36)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4698750A (en) * 1984-12-27 1987-10-06 Motorola, Inc. Security for integrated circuit microcomputer with EEPROM
JPS6382534A (en) 1986-09-26 1988-04-13 Matsushita Electric Ind Co Ltd Memory protection device
US5001670A (en) 1987-02-06 1991-03-19 Tektronix, Inc. Nonvolatile memory protection
US5469557A (en) * 1993-03-05 1995-11-21 Microchip Technology Incorporated Code protection in microcontroller with EEPROM fuses
US5564030A (en) * 1994-02-08 1996-10-08 Meridian Semiconductor, Inc. Circuit and method for detecting segment limit errors for code fetches
US5737760A (en) * 1995-10-06 1998-04-07 Motorola Inc. Microcontroller with security logic circuit which prevents reading of internal memory by external program
JP3489708B2 (en) * 1996-10-23 2004-01-26 シャープ株式会社 Nonvolatile semiconductor memory device
JPH10228421A (en) * 1997-02-14 1998-08-25 Nec Ic Microcomput Syst Ltd Memory access control circuit
JP4000654B2 (en) * 1997-02-27 2007-10-31 セイコーエプソン株式会社 Semiconductor device and electronic equipment
US6446184B2 (en) * 1998-04-28 2002-09-03 International Business Machines Corporation Address re-mapping for memory module using presence detect data
JP2001051904A (en) * 1999-08-11 2001-02-23 Hitachi Ltd External storage device using non-volatile semiconductor memory
US6895508B1 (en) 2000-09-07 2005-05-17 International Business Machines Corporation Stack memory protection
US6952778B1 (en) 2000-10-26 2005-10-04 Cypress Semiconductor Corporation Protecting access to microcontroller memory blocks
US6615329B2 (en) * 2001-07-11 2003-09-02 Intel Corporation Memory access control system, apparatus, and method
US7093097B2 (en) * 2001-11-27 2006-08-15 International Business Machines Corporation Dynamic self-tuning memory management method and system
US6883075B2 (en) 2002-01-17 2005-04-19 Silicon Storage Technology, Inc. Microcontroller having embedded non-volatile memory with read protection
JP4347582B2 (en) * 2003-02-04 2009-10-21 パナソニック株式会社 Information processing device
US7739516B2 (en) * 2004-03-05 2010-06-15 Microsoft Corporation Import address table verification
JP4563707B2 (en) * 2004-03-25 2010-10-13 ルネサスエレクトロニクス株式会社 Memory protector
US7210014B2 (en) 2004-05-27 2007-04-24 Microsoft Corporation Alternative methods in memory protection
US7343496B1 (en) 2004-08-13 2008-03-11 Zilog, Inc. Secure transaction microcontroller with secure boot loader
JPWO2006040798A1 (en) * 2004-10-08 2008-05-15 株式会社ルネサステクノロジ Semiconductor integrated circuit device and electronic system
US7516902B2 (en) 2004-11-19 2009-04-14 Proton World International N.V. Protection of a microcontroller
US7673345B2 (en) 2005-03-31 2010-03-02 Intel Corporation Providing extended memory protection
JP4584044B2 (en) * 2005-06-20 2010-11-17 ルネサスエレクトロニクス株式会社 Semiconductor device
JP4818793B2 (en) 2006-04-20 2011-11-16 ルネサスエレクトロニクス株式会社 Microcomputer and memory access control method
US8438365B2 (en) * 2006-10-06 2013-05-07 Calos Fund Limited Liability Company Efficient data loading in a data-parallel processor
EP1978447B1 (en) * 2007-04-05 2011-02-16 STMicroelectronics (Research & Development) Limited Integrated circuit with restricted data access
US8051263B2 (en) 2007-05-04 2011-11-01 Atmel Corporation Configurable memory protection
US7917716B2 (en) 2007-08-31 2011-03-29 Standard Microsystems Corporation Memory protection for embedded controllers
US7836226B2 (en) * 2007-12-06 2010-11-16 Fusion-Io, Inc. Apparatus, system, and method for coordinating storage requests in a multi-processor/multi-thread environment
US7895404B2 (en) * 2008-02-14 2011-02-22 Atmel Rousset S.A.S. Access rights on a memory map
US8001357B2 (en) * 2008-04-30 2011-08-16 Microsoft Corporation Providing a single drive letter user experience and regional based access control with respect to a storage device
US20100106926A1 (en) * 2008-10-25 2010-04-29 International Business Machines Corporation Second failure data capture problem determination using user selective memory protection to trace application failures
US20110289294A1 (en) * 2009-12-14 2011-11-24 Manabu Maeda Information processing apparatus
JP5793712B2 (en) * 2010-03-01 2015-10-14 パナソニックIpマネジメント株式会社 Nonvolatile storage device, access device, and nonvolatile storage system

Also Published As

Publication number Publication date
WO2014001803A3 (en) 2014-03-20
GB2513727A (en) 2014-11-05
TWI581099B (en) 2017-05-01
GB201405811D0 (en) 2014-05-14
KR102095614B1 (en) 2020-04-01
EP2867776B1 (en) 2020-04-29
JP6306578B2 (en) 2018-04-04
WO2014001803A2 (en) 2014-01-03
US9430409B2 (en) 2016-08-30
GB201312526D0 (en) 2013-08-28
GB2503470B (en) 2014-08-13
GB2503470A (en) 2014-01-01
KR20150033695A (en) 2015-04-01
CN104412242B (en) 2018-01-19
EP2867776A2 (en) 2015-05-06
US20140006692A1 (en) 2014-01-02
CN104412242A (en) 2015-03-11
GB201211422D0 (en) 2012-08-08
GB2503583B (en) 2015-06-17
GB2503583A (en) 2014-01-01
JP2015525916A (en) 2015-09-07
EP3702923B1 (en) 2023-06-21
GB2503470A9 (en) 2014-01-15
US20160299720A1 (en) 2016-10-13
GB2513727B (en) 2015-06-24
EP3702923A1 (en) 2020-09-02

Similar Documents

Publication Publication Date Title
TWI581099B (en) Integrated-circuit and method of controlling memory access on the integrated-circuit device
US9836609B2 (en) Event-based apparatus and method for securing bios in a trusted computing system during execution
US6976136B2 (en) Flash memory protection scheme for secured shared BIOS implementation in personal computers with an embedded controller
EP2874092B1 (en) Recurrent BIOS verification with embedded encrypted hash
US9367689B2 (en) Apparatus and method for securing BIOS in a trusted computing system
GB2557305A (en) Memory protection logic
TW201525870A (en) Updatable integrated-circuit radio
US10049217B2 (en) Event-based apparatus and method for securing bios in a trusted computing system during execution
KR20190085387A (en) Semiconductor device and method for operating semiconductor device
US10592663B2 (en) Technologies for USB controller state integrity protection
US10055588B2 (en) Event-based apparatus and method for securing BIOS in a trusted computing system during execution
US10095868B2 (en) Event-based apparatus and method for securing bios in a trusted computing system during execution
WO2019081057A1 (en) Memory with rules
CN110569205A (en) Security system single chip and method of operation thereof
CN116635855A (en) Apparatus and method for managing access of executable code to data memory based on execution context